hacking biometric systems · Hack in the Box - 2007
Hack in the Box - 2007
outline
biometric systems
attacking the data
− the communication
− the templates
attacks using the sensor
− fingerprint recognition
− face recognition
− iris recognition
biometric systems
parts of biometric systems
access control
− rooms
− computers
− mobiles
− cars
payment
− stores
− governmental
− ATMs
border control
biometric systems - types of attacks
attacking the data
− communication data (1)
− reference data (2)
attacking the software (3)
− matcher
− threshold
attacks using the sensor (4)
[figure: parts of biometric systems, labelled 1 to 4]
attacking the communication
sniffing the communication
Hardware
− USB-Agent / USB Tracker
− GNU-Radio (van Eck)
Software
− usbsnoop
− sniffusb
− usbmon
[figure: USB-Agent, www.hitex.com]
[figure: usbsnoop]
attacking the communication
directly replaying sniffed packets
attacking the software by manipulated stream data
sniffing replaying
replay attack by Lisa Thalheim
extracting images
analysing stream data
extracting images for dummies
inserting own payload
− data of allowed users
− brute force
− analysing template data
USB-sniff of the Siemens ID Mouse
attacking the templates
templates
localisation
− in the filesystem (filemon)
− in the registry (regmon)
analysing
− template to user correlation
− used algorithms
− checksums
− raw images (making dummies)
attacking the templates
extracting data for making dummies
adding or deleting a template
two people matching one template
attacks using the sensor
fingerprint recognition
fingerprint recognition
convolution of the skin
sensor types
− capacitive
− optical
− thermal
− pressure
minutia based recognition
optical sensor
capacitive sensor
optical sensor
minutias
profile of the skin
reactivating latent prints
reactivating latent prints on touch sensors
− capacitive: aspirate, graphite
− optical: coloured powder
− graphite or coloured powder on adhesive tape
http://www.heise.de/ct/02/11/114/
reactivating latent prints
graphite on adhesive tape
visualisation of latent prints on glossy surfaces
coloured or magnetic powder
cyanoacrylate
vacuum metal deposition
visualisation with coloured powder
visualisation with cyanoacrylate
visualisation with sputtered gold
visualisation of latent prints on paper
amino acid indicator
− Ninhydrin
− Iodide
thermal decomposition of grease
visualisation with Ninhydrin
visualisation of grease
making a dummy finger
gelatine, silicone, wood glue
− enhancing with graphite or gold
aluminium foil on PCBs
making a dummy finger
dummy finger
etched PCB
fingerprint recognition :: life check
pulse
− IR illuminated bloodstream
− deformation of the ridges
property of the skin
− electrical and thermal conductivity
− colour
absorption of the blood
sweat
face recognition
face recognition
2 dimensional
3 dimensional
infrared
feature points
eigenface
template matching
face recognition :: defeatment
2D
− adapting the face (make up)
− pictures or video
− latex mask
3D
− latex mask
− modeling the whole head
http://www.heise.de/ct/english/02/11/114/
face recognition :: life check
moving of the head
moving of the face
− blinking
− speaking
reflection of the skin
iris recognition
iris recognition
taking picture
− near infrared spectrum for better contrast
extracting the iris
calculating iris code
iris recognition :: defeatment
picture or video
contact lens
− printed or painted iris
− iris hologram
http://www.heise.de/ct/english/02/11/114/
iris recognition :: life check
moving the eye
reflections of the eyes
contracting pupil if illuminated
flatness of the iris
conclusion
most of the biometric systems are easy to fool
fooling needs only a small amount of time and money
Don't use biometric systems for security relevant applications!
preventing the recognition
superglue
hard work :)
etching
scorching
remove with emery paper
transplantation